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DETAILED ACTION 

This action is responsive to the Request for Continued Examination filed October 
5, 2007. Claims 1-4, 6, 7, 9-17, 27, 29, 30, 35-39, 41, 42, 44-46, 53, 55, and 57-60 
were pending. Claims 1-4, 6, 7,9-17, 27, 29, 30, 35-39, 41, 42, 44-46, 53, and 55 are 
allowed. 

EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Kent J. Sieffert on October 16, 2007. 

The application has been amended as follows: 
1 . A method comprising: 

establishing a packet tunnel between a first local area network and a second 
local area network, the packet tunnel having a source network address within an 
address space of the first local area network and a destination network address within 
an address space of the second local area network; 

reserving for the packet tunnel an amount of bandwidth within an access link; 

detecting a network attack; 

in response to the detected network attack, splitting the packet tunnel by 
selecting an intermediate network device, wherein the intermediate network device has 
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a network address from a network address space other than the address space of the 
first local area network and the address space of the second local area network^ 
wherein the first local area network and the second local area network are separated by 
a public network, and wherein' the intermediate network device has a network address 
from a network address space of the public network : 

establishing a first packet tunnel from the first local area network to the 
intermediate network device; 

establishing a second packet tunnel that originates from the intermediate network 
device to the second local area network; 

canceling the reserved bandwidth for the packet tunnel; 

reserving fro the second packet tunnel an amount of bandwidth within the access 
link; and 

communicating a virtual private network (VPN) traffic from the first local area 
network to the second local area network by redirecting the VPN traffic from the first 
local area network to the intermediate network device through the first packet tunnel 
and forwarding the VPN traffic from the intermediate network device to the second local 
area network through the second packet tunnel. 
9. The method of claim 1 , further comprising: 

upon detecting a network attack, sending a message from the a destination 
network device for the packet tunnel to toe a source network device for the packet 
tunnel instructing the source network device to establish the first packet tunnel with the 
intermediate network device. 
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17. The method of claim 16, wherein establishing a second packet tunnel comprises: 
unsubscribing to the multicast channel; 

selecting one of the multicast network addresses for the a new destination 
network address; 

establishing the second packet tunnel using the new destination network 
address; and 

subscribing to a multicast channel for the selected multicast network address. 

18. Canceled 

19. Canceled 

20. Canceled 

21. Canceled 

22. Canceled 

23. Canceled 

24. Canceled 

25. Canceled 

26. Canceled 

27. A method comprising: 

establishing a virtual private network service including a packet tunnel having a 
source network address within an address space of the a first local area network and a 
destination network address within an address space of the a second local area 
network; 

reserving for the packet tunnel an amount of bandwidth within an access link; 
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detecting a network attack; 

establishing a new virtual private network service upon detecting the network 
attack, by selecting an intermediate network device having a network address from a 
network address space other than the address space of the first local area network and 
the address space of the second local area network , wherein the first local area network 
and the second local area network are separated by a public network, and wherein the 
intermediate network device has a network address from a network address space of 
the public network : 

establishing a first packet tunnel from the first local area network to the 
intermediate network device; and 

establishing a second packet tunnel that originates from the intermediate network 
device to the second local area network; 

canceling the reserved bandwidth for the packet tunnel after establishing the new 
virtual private network service; and 

reserving for the second packet tunnel an amount of bandwidth within the access 
link upon canceling the reserved bandwidth for the packet tunnel. 

31. Canceled 

32. Canceled 

33. Canceled 

34. Canceled 

35. A system comprising 

a source device coupled to a first local area network; and 
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a destination device coupled to a second local area network, 

wherein the source device and the destination device establish a packet tunnel 
having a source network address within an address space of the first local area network 
and a destination network address within an address space of the second local area 
network, reserve for the packet tunnel an amount of bandwidth within an access link, 
upon detecting a network attack, select a new network address from a network address 
space other than the address space of the first local area network and the address 
space of the second locale area network, and split the packet tunnel by establishing a 
first packet tunnel from the first local area network to an intermediate network device 
having the new network address and establishing a second packet tunnel from the 
intermediate network device to the second local area, 

wherein the first local area network and the second local area network are 
separated by a public network, and wherein the intermediate network device has a 
network address from a network address space of the public network, 

wherein the destination device cancels the reserved bandwidth for the packet 
tunnel after the second packet tunnel is established, and reserves for the second packet 
tunnel an amount of bandwidth within the access link upon canceling the reserved 
bandwidth for the packet tunnel, and 

wherein the source device communicates virtual private network (VPN) traffic 
from the first local area network to the second local area network by redirecting the VPN 
traffic from the first local area network to the intermediate network device through the 



Application/Control Number: 10/057,043 Page 7 

Art Unit: 2141 

first packet tunnel for forwarding the intermediate network device to the second local 
area network through the second packet tunnel. 

38. The system of claim 35, wherein the destination device and the source device 
comprise edge routers that couple local area networks to the public network. 

39. The system of claim 35, wherein the destination device detects an attack on an 
access link coupling the destination device to the public network. 

47. Canceled 

48. Canceled 

49. Canceled 

50. Canceled 

53. A computer-readable medium comprising instructions to cause a processor to: 
establish a packet tunnel having a source network address within an address 

space of a first local area network and a destination network address within an address 

space of a second local area network; 

reserve for the packet tunnel an amount of bandwidth within an access link; 
detect a network attack; 

in response to the detected network attack, split the packet tunnel by selecting an 
intermediate network device, wherein the intermediate network device has a network 
address from a network address space other than the address space of the first local 
area network and the address space of the second local area network , wherein the first 
local area network and the second local area network are separated by a public 
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network, and wherein the intermediate network device has a network address from a 
network address space of the public network : 

communicate the network address to the a source device for the packet tunnel 
for establishing a first packet tunnel from the first local area network to the intermediate 
network device; 

establish a second packet tunnel that originates from the intermediate network 
device to the second local area network; 

cancel the reserved bandwidth for the packet tunnel; 

reserve for the second packet tunnel an amount of bandwidth within the access 
link; and 

receive virtual private network (VPN) traffic that was redirected from the first local 
area network to the intermediate network device through the first packet tunnel and 
forwarded the VPN traffic from the intermediate network device to the second local area 
network through the second packet tunnel. 

57. Canceled 

58. Canceled 

59. Canceled 

60. Canceled 

REASONS FOR ALLOWANCE 

The following is an examiner's statement of reasons for allowance: 
The prior art of record fails to teach neither singly nor in combination, the claimed 
limitations of "in response to the detected network attack, splitting the packet tunnel by 
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selecting an intermediate network device, wherein the intermediate network device has 
a network address from a network address space other than the address space of the 
first local area network and the address space of the second local area network, 
wherein the first local area network and the second local area network are separated by s 
a public network, and wherein the intermediate network device has a network address 
from a network address space of the public network" as stated in claim 1 and similarly 
stated in claims 27, 35, and 53. These limitations, in conjunction with other limitations in 
the independent claims, are not specifically disclosed or remotely suggested in the prior 
art of record. A review of claims 1-4, 6, 7, 9-17, 27, 29, 30, 35-39, 41, 42, 44-46, 53, 
and 55 indicated claims 1-4, 6, 7, 9-17, 27, 29, 30, 35-39, 41, 42, 44-46, 53, and 55 are 
allowable over the prior art of record. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brian J. Gillis whose telephone number is 571-272- 
7952. The examiner can normally be reached on M-F 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on 571-272-3880. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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